CN108900530A - A kind of safe communication system and method - Google Patents
- Publication number: CN108900530A (also listed as CN201810852923.8A)
- Authority: CN (China)
- Prior art keywords: terminal device, headend equipment, internet, data information, cloud platform
- Legal status: Pending
Classifications
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/06—Authentication
- H04W4/38—Services specially adapted for particular environments, situations or purposes for collecting sensor information
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Abstract
The present invention provides a safe communication system and method. The safe communication system includes at least one headend equipment, at least one terminal device, an NB-IOT communication base station and an Internet of Things cloud platform. Each headend equipment performs key agreement with at least one terminal device to generate a session key. The headend equipment collects the data information of the Internet of Things front end and encrypts it with the session key. The NB-IOT communication base station is arranged between the at least one headend equipment and the Internet of Things cloud platform and pushes the data information ciphertext of the at least one headend equipment to the Internet of Things cloud platform. The Internet of Things cloud platform aggregates the data information ciphertext pushed by the at least one headend equipment and performs data processing operations. The terminal device establishes a network connection with the Internet of Things cloud platform, obtains the data information ciphertext from the Internet of Things cloud platform and decrypts it with the session key.
Description
Technical field
The present invention relates to the technical field of wireless communication and, specifically, to a safe communication system and method.
Background art
During long-term operation, a bridge is subject to the combined influence of complex natural environments, sudden human factors and the aging of its own components, which inevitably leads to structural damage of varying degrees. If this damage is not found and handled in time, it can have unpredictable consequences for the safe operation of the bridge. According to statistics, at least 34 bridge collapse accidents have been reported in China since 2007, with more than 200 people injured. The safety condition of bridge structures has therefore always been a matter of public concern. Traditionally, the health of a bridge is monitored by embedding sensors in the bridge structure. Wired monitoring, however, requires laying a large number of cables to transmit information, which is costly, inconvenient to install and maintain, and incapable of long-term real-time monitoring.
At present, the industry uses NB-IOT communication modules to transmit bridge health data: the microcontroller of a sensor is connected to an NB-IOT wireless communication module, the data acquired by the sensor is transmitted wirelessly between the NB-IOT wireless communication module and an NB-IOT communication base station, and the acquired data is sent to an Internet of Things cloud platform, so that an external terminal server can retrieve the corresponding data from the Internet of Things cloud platform. However, the data transmission channel between the Internet of Things cloud platform and the terminal server is relatively easy to crack. Once someone tampers with the data in transit, the supervision department of the bridge can easily make a wrong judgment based on the wrong data information, which may cause serious consequences for society and the country.
To solve the above problems, an ideal technical solution has long been sought.
Summary of the invention
The purpose of the present invention is to address the deficiencies of the prior art by providing a safe communication system and method capable of secure transmission of data information.
To achieve the above purpose, the technical solution adopted by the present invention is a safe communication system including at least one headend equipment, at least one terminal device, an NB-IOT communication base station and an Internet of Things cloud platform, wherein:
Each headend equipment performs key agreement with at least one terminal device to generate a session key;
The headend equipment collects the data information of the Internet of Things front end and encrypts it with the session key;
The NB-IOT communication base station is arranged between the at least one headend equipment and the Internet of Things cloud platform and pushes the data information ciphertext of the at least one headend equipment to the Internet of Things cloud platform;
The Internet of Things cloud platform aggregates the data information ciphertext pushed by the at least one headend equipment and performs data processing operations;
The terminal device establishes a network connection with the Internet of Things cloud platform, obtains the data information ciphertext from the Internet of Things cloud platform and decrypts it with the session key.
Based on the above, the headend equipment includes a microprocessor, an acquisition module, a first security module and an NB-IOT communication module;
The acquisition module is electrically connected with the microprocessor, acquires the data information of the target environment and sends it to the microprocessor;
The microprocessor is electrically connected with the first security module and controls the first security module to encrypt the data information with the session key;
The NB-IOT communication module is connected with the microprocessor and sends the data information ciphertext.
Based on the above, the headend equipment further includes a memory module and a power module electrically connected to the microprocessor. The memory module stores the data information acquired by the acquisition module; the power module supplies power to the microprocessor, the acquisition module, the first security module, the NB-IOT communication module and the memory module.
Based on the above, the headend equipment further includes a signal conditioning circuit and an A/D converter. The signal conditioning circuit is electrically connected to the acquisition module and amplifies and filters the data signal acquired by the acquisition module; the A/D converter is electrically connected to the signal conditioning circuit and to the microprocessor respectively, performs analog-to-digital conversion on the amplified and filtered data signal, and sends the result to the microprocessor for analysis and processing.
Based on the above, the terminal device includes a processor, a network communication module, a second security module and a display module. The network communication module is electrically connected to the processor and receives the data information ciphertext from the Internet of Things cloud platform; the second security module is electrically connected to the processor and decrypts the data information ciphertext with the session key; the display module is electrically connected to the processor and displays the data information decrypted by the second security module.
The present invention also provides a safe communication method based on the safe communication system. The safe communication method includes:
A headend equipment and a terminal device perform key agreement to generate a session key;
The headend equipment acquires the data information of the target environment and encrypts the data information with the session key;
An NB-IOT communication base station pushes the data information ciphertext to the Internet of Things cloud platform;
The Internet of Things cloud platform transmits the data information ciphertext to the terminal device over the network;
The terminal device decrypts the data information ciphertext with the session key to obtain the corresponding plaintext information.
Based on the above, the key agreement between a headend equipment and a terminal device specifically includes:
The headend equipment and the terminal device perform bidirectional identity authentication;
The headend equipment and the terminal device perform key agreement and generate a session key.
Based on the above, the bidirectional identity authentication between the headend equipment and the terminal device specifically includes:
The digital certificate and public/private key pair of the headend equipment are preset in its first security module, and the digital certificate and public/private key pair of the terminal device are preset in its second security module; each digital certificate includes a public key and identity information;
The headend equipment sends a connection request to the terminal device;
The terminal device responds to the connection request and returns to the headend equipment the digital certificate of the terminal device and the identity information signed with its private key;
The headend equipment verifies the legitimacy of the digital certificate of the terminal device and, when the digital certificate is a legal certificate, uses the public key in the digital certificate to decrypt the identity information signed with the private key of the terminal device, and compares whether the decrypted identity information is consistent with the identity information in the digital certificate of the terminal device, so as to authenticate the identity of the terminal device;
The headend equipment returns to the terminal device the digital certificate of the headend equipment and the identity information signed with its private key;
The terminal device verifies the legitimacy of the digital certificate of the headend equipment and, when the digital certificate is a legal certificate, uses the public key in the digital certificate to decrypt the identity information signed with the private key of the headend equipment, and compares whether the decrypted identity information is consistent with the identity information in the digital certificate of the headend equipment, so as to authenticate the identity of the headend equipment.
Based on the above, the bidirectional identity authentication and key agreement between the headend equipment and the terminal device are completed over the transmission channel built on the NB-IOT communication base station and the Internet of Things cloud platform.
Based on the above, the transmission of the data information ciphertext from the Internet of Things cloud platform to the terminal device over the network specifically includes:
The Internet of Things cloud platform receives a data acquisition request sent by the terminal device and, according to the data acquisition request, feeds back the corresponding data information ciphertext to the terminal device; or
The Internet of Things cloud platform periodically pushes the relevant data information ciphertext to the terminal device.
Compared with the prior art, the present invention has outstanding substantive features and represents significant progress. Specifically, by introducing the NB-IoT communication technology, the safe communication system and method of the present invention provide wide coverage, low power consumption and support for massive numbers of connections. At the same time, a first security module and a second security module are provided in the headend equipment and the terminal device respectively, building a secure channel between the headend equipment and the terminal device. This closes the loophole in traditional systems whereby plaintext information between the terminal device and the Internet of Things cloud platform is easily intercepted by a third party, effectively prevents a malicious attacker from intercepting the data information, and ensures the security of data transmission.
Brief description of the drawings
Fig. 1 is a schematic diagram of the safe communication system of the present invention.
Fig. 2 is a structural block diagram of the headend equipment in the safe communication system of Fig. 1.
Fig. 3 is a structural block diagram of the terminal device in the safe communication system of Fig. 1.
Fig. 4 is a flow diagram of the safe communication method of the present invention.
Fig. 5 is a flow diagram of the key agreement step in the safe communication method of the present invention.
In the figures: 100. safe communication system; 10. headend equipment; 11. microprocessor; 12. acquisition module; 13. first security module; 14. NB-IOT communication module; 15. memory module; 16. power module; 20. NB-IOT communication base station; 30. Internet of Things cloud platform; 40. terminal device; 41. microprocessor; 42. network communication module; 43. second security module; 44. display module.
Detailed description of the embodiments
The technical solution of the present invention is described in further detail below through specific embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative work fall within the scope of protection of the present invention.
It should be noted that when a component is considered to be "connected" to another component, it may be directly connected to the other component, or an intermediate component may be present at the same time.
Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by those skilled in the technical field of the present invention. The terms used in the specification of the present invention are intended only to describe specific embodiments and are not intended to limit the present invention.
As shown in Fig. 1 to Fig. 3, the present invention provides a safe communication system 100 for constructing a secure transmission channel based on the narrowband Internet of Things (Narrow Band Internet of Things, NB-IOT), so as to guarantee the accuracy and legitimacy of the transmitted data.
The safe communication system 100 includes at least one headend equipment 10, an NB-IOT communication base station 20, an Internet of Things cloud platform 30 and at least one terminal device 40;
Each headend equipment 10 performs key agreement with at least one terminal device 40 to generate a session key;
The headend equipment 10 collects the data information of the Internet of Things front end and encrypts it with the session key;
The NB-IOT communication base station 20 is arranged between the at least one headend equipment 10 and the Internet of Things cloud platform 30 and pushes the data information ciphertext of the at least one headend equipment to the Internet of Things cloud platform;
The Internet of Things cloud platform 30 aggregates the data information ciphertext pushed by the at least one headend equipment 10 and performs data processing operations according to the needs of the customer;
The terminal device 40 establishes a network connection with the Internet of Things cloud platform 30, obtains the data information ciphertext from the Internet of Things cloud platform 30 and decrypts it with the session key.
Preferably, the Internet of Things cloud platform 30 is the OneNET Internet of Things platform. As a center for connections and data, the OneNET Internet of Things platform adapts to various sensor networks and communication networks and is open to many fields such as smart home, wearable devices, Internet of Vehicles, mobile health and smart maker.
Each headend equipment 10 includes a microprocessor 11, an acquisition module 12, a first security module 13, an NB-IOT communication module 14, a memory module 15 and a power module 16. The microprocessor 11 is electrically connected to the acquisition module 12, the first security module 13, the NB-IOT communication module 14, the memory module 15 and the power module 16 respectively, and controls the orderly operation of these modules. The acquisition module 12 acquires the data information of the target environment (such as a bridge). The first security module 13 encrypts the data information acquired by the acquisition module 12 and supports symmetric cryptographic algorithms, asymmetric cryptographic algorithms and hash cryptographic algorithms. The NB-IOT communication module 14 receives the data information ciphertext and sends it out using the NB-IOT communication technology. The memory module 15 stores the data information acquired by the acquisition module 12. The power module 16 supplies the electric energy needed while the above modules are running; preferably, the power module 16 is a lithium battery.
Specifically, the acquisition module 12 can be a strain gauge, a deflection sensor, a crack detection sensor, an inclination sensor, a temperature sensor, a wind speed sensor or a displacement sensor. Taking the target environment (a bridge) as an example, the function of each sensor is as follows:
The strain gauge detects the strain caused by deformation of the bridge under load; the strain gauge detects the deflection deformation of the bridge; the crack detection sensor detects the crack depth and crack width of the bridge; the inclination sensor detects the gradient of a given face of the bridge; the temperature sensor detects the temperature of the bridge itself; the wind speed sensor detects the wind speed near the bridge; the displacement sensor detects the displacement of the bridge as a whole and of its parts.
In practical applications, the acquisition module 12 is not limited to the sensor types listed above; its concrete type should be set according to the data information that needs to be acquired from the target environment.
In a specific embodiment, each headend equipment 10 further includes a signal conditioning circuit and an A/D converter (not shown). The signal conditioning circuit is electrically connected to the acquisition module 12 and amplifies and filters the data signal acquired by the acquisition module 12; the A/D converter is electrically connected to the signal conditioning circuit and to the microprocessor 11 respectively, performs analog-to-digital conversion on the amplified and filtered data signal, and sends the result to the microprocessor 11 for analysis and processing.
Each terminal device 40 includes a processor 41, a network communication module 42, a second security module 43 and a display module 44. The network communication module 42 is electrically connected to the processor 41 and receives the data information ciphertext from the Internet of Things cloud platform 30. The second security module 43 is electrically connected to the processor 41, decrypts the data information ciphertext with the session key, and supports symmetric cryptographic algorithms, asymmetric cryptographic algorithms and hash cryptographic algorithms. The display module 44 is electrically connected to the processor 41 and displays the data information decrypted by the second security module 43 for the user to view.
It will be appreciated that the terminal device 40 can be a computer, a mobile phone, a PAD, etc.
As shown in Fig. 4, the present invention also provides a safe communication method based on the above safe communication system 100, including the following steps:
Step 1, a headend equipment 10 and a terminal device 40 perform key agreement and generate a session key;
Step 2, the headend equipment 10 acquires the data information of the target environment;
Step 3, the headend equipment 10 encrypts the acquired data information with the session key;
Step 4, an NB-IOT communication base station 20 pushes the data information ciphertext to the Internet of Things cloud platform 30;
Step 5, the Internet of Things cloud platform 30 transmits the data information ciphertext to the terminal device 40 over the network;
In some embodiments, the terminal device 40 first issues a request instruction to the Internet of Things cloud platform 30, and the Internet of Things cloud platform 30 authenticates the terminal device 40; if the authentication passes, the Internet of Things cloud platform 30 feeds back the corresponding data information ciphertext to the terminal device 40;
In other embodiments, the Internet of Things cloud platform 30 authenticates the terminal device 40; if the authentication passes, the Internet of Things cloud platform 30 periodically pushes the relevant data information ciphertext to the terminal device 40 according to the needs of the terminal device 40;
Step 6, the terminal device 40 decrypts the data information ciphertext with the session key to obtain the corresponding plaintext information.
Step 1, in which a headend equipment 10 and a terminal device 40 perform key agreement, specifically includes the following steps:
Step 1-1, the headend equipment 10 and the terminal device 40 perform bidirectional identity authentication;
Step 1-2, after the bidirectional identity authentication succeeds, the headend equipment 10 performs key agreement with the terminal device 40 and generates a session key.
As shown in Fig. 5, step 1-1 specifically includes:
Step 1-1-1, the digital certificate and public/private key pair of the headend equipment 10 are preset in the first security module 13 of the headend equipment 10, and the digital certificate and public/private key pair of the terminal device 40 are preset in the second security module 43 of the terminal device 40;
Step 1-1-2, the headend equipment 10 sends a connection request to the terminal device 40;
Step 1-1-3, the terminal device 40 responds to the connection request and returns to the headend equipment 10 the digital certificate of the terminal device 40 (containing the public key) and the identity information signed with its private key;
Step 1-1-4, the headend equipment 10 verifies whether the digital certificate of the terminal device 40 was issued by the trusted CA center, so as to verify the legitimacy of the digital certificate of the terminal device 40; it then uses the public key in the digital certificate to decrypt the identity information signed with the private key of the terminal device 40, and compares whether the decrypted identity information is consistent with the identity information in the digital certificate of the terminal device 40; if they are consistent, the headend equipment 10 has completed the authentication of the identity of the terminal device 40;
Step 1-1-5, the headend equipment 10 returns to the terminal device 40 the digital certificate of the headend equipment 10 (containing the public key) and the identity information signed with its private key;
Step 1-1-6, the terminal device 40 verifies whether the digital certificate of the headend equipment 10 was issued by the trusted CA center, so as to verify the legitimacy of the digital certificate of the headend equipment 10; it then uses the public key in the digital certificate to decrypt the identity information signed with the private key of the headend equipment 10, and compares whether the decrypted identity information is consistent with the identity information in the digital certificate; if they are consistent, the terminal device 40 has completed the authentication of the identity of the headend equipment 10.
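Steps 1-1-1 to 1-2 as an added Go example (not code from the patent). The patent names no algorithms, so Ed25519 certificates, X25519 key agreement and the SHA-256 key derivation are assumptions, as are the device names and the constructed demo CA; each side also signs both fresh key shares together with its identity, an addition made here so that a captured reply cannot be replayed and the session key is tied to the authenticated peers.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Device stands in for a security module with its preset certificate and key pair (step 1-1-1).
type Device struct {
	ID   string
	Key  ed25519.PrivateKey
	Cert *x509.Certificate
}

// Hello is the reply of steps 1-1-3 / 1-1-5, kept in memory. EphPub is an assumption of this example.
type Hello struct {
	ID     string            // identity information
	Cert   *x509.Certificate // digital certificate containing the public key
	EphPub *ecdh.PublicKey   // sender's fresh X25519 key, reused for the key agreement
	Sig    []byte            // made with the sender's private key
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func newEph() *ecdh.PrivateKey { return must(ecdh.X25519().GenerateKey(rand.Reader)) }

// issue creates a constructed certificate; a nil ca yields the self-signed demo root.
func issue(cn string, ca *Device) *Device {
	_, key, err := ed25519.GenerateKey(rand.Reader)
	must(key, err)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	if ca == nil {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
		ca = &Device{Key: key, Cert: t}
	}
	der := must(x509.CreateCertificate(rand.Reader, t, ca.Cert, key.Public(), ca.Key))
	return &Device{cn, key, must(x509.ParseCertificate(der))}
}

// signed is the byte string under the signature: a label, both fresh keys (32 bytes each), the identity.
func signed(own, peer *ecdh.PublicKey, id string) []byte {
	return append(append(append([]byte("auth-v1"), own.Bytes()...), peer.Bytes()...), id...)
}

// Hello builds the reply of steps 1-1-3 / 1-1-5: certificate plus identity signed with the private key.
func (d *Device) Hello(eph *ecdh.PrivateKey, peer *ecdh.PublicKey) Hello {
	return Hello{d.ID, d.Cert, eph.PublicKey(), ed25519.Sign(d.Key, signed(eph.PublicKey(), peer, d.ID))}
}

// Accept performs steps 1-1-4 / 1-1-6 and then step 1-2; ids names both parties in a fixed order.
func Accept(h Hello, eph *ecdh.PrivateKey, ca *x509.Certificate, ids string) ([]byte, error) {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	if _, err := h.Cert.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return nil, fmt.Errorf("certificate not issued by the trusted CA: %w", err)
	}
	key, ok := h.Cert.PublicKey.(ed25519.PublicKey)
	msg := signed(h.EphPub, eph.PublicKey(), h.ID) // includes our own fresh key, so replays fail
	if !ok || h.Cert.Subject.CommonName != h.ID || !ed25519.Verify(key, msg, h.Sig) {
		return nil, fmt.Errorf("identity or signature does not match certificate %q", h.Cert.Subject.CommonName)
	}
	z, err := eph.ECDH(h.EphPub)
	if err != nil {
		return nil, err
	}
	k := sha256.Sum256(append(z, ids...)) // session key bound to both authenticated identities
	return k[:], nil
}

// Handshake runs steps 1-1-2 to 1-2 and returns the session key each side derived.
func Handshake(head, term *Device, ca *x509.Certificate) (kH, kT []byte, err error) {
	ephH, ephT := newEph(), newEph()
	tHello := term.Hello(ephT, ephH.PublicKey()) // 1-1-2 carried ephH's public key; this is 1-1-3
	if kH, err = Accept(tHello, ephH, ca, head.ID+"|"+tHello.ID); err != nil { // 1-1-4
		return nil, nil, err
	}
	hHello := head.Hello(ephH, tHello.EphPub)                 // 1-1-5
	kT, err = Accept(hHello, ephT, ca, hHello.ID+"|"+term.ID) // 1-1-6
	return kH, kT, err
}

func main() {
	ca := issue("demo-ca", nil) // constructed root standing in for the trusted CA center
	kH, kT, err := Handshake(issue("headend-10", ca), issue("terminal-40", ca), ca.Cert)
	fmt.Println("keys match:", string(kH) == string(kT), "error:", err)
}
```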
In practical applications, the bidirectional identity authentication and key agreement between the headend equipment 10 and the terminal device 40 are completed over the transmission channel built on the NB-IOT communication base station 20 and the Internet of Things cloud platform 30. To keep the description short and the technical solution easy to understand, the NB-IOT communication base station 20 and the Internet of Things cloud platform 30 have been omitted from the description of the bidirectional identity authentication and key agreement steps between the headend equipment 10 and the terminal device 40.
During communication, a fixed time threshold or data packet threshold can be preset. When the accumulated time or the accumulated number of data packets reaches the preset threshold, the bidirectional identity authentication and key agreement between the headend equipment 10 and the terminal device 40 are performed again, which ensures the security of the communication between the headend equipment 10 and the terminal device 40.
Safe communication system and method for the invention makes it have wide covering by introducing NB-IoT technology, low-power consumption, with
And the ability of support magnanimity connection.Simultaneously by the way that described the is respectively set in the headend equipment 10 and the terminal device 40
One security module 13 and second security module 42, to build between the headend equipment 10 and the terminal device 40
Exit passageway, be easy between the terminal device for having filled a vacancy traditional and the Internet of Things cloud platform by third party intercept in plain text
The loophole of information prevents malicious attacker therefrom intercepted data information, guarantees the safety of data transmission.
Finally it should be noted that:The above embodiments are merely illustrative of the technical scheme of the present invention and are not intended to be limiting thereof;To the greatest extent
The present invention is described in detail with reference to preferred embodiments for pipe, those of ordinary skills in the art should understand that:Still
It can modify to a specific embodiment of the invention or some technical features can be equivalently replaced;Without departing from this hair
The spirit of bright technical solution should all cover within the scope of the technical scheme claimed by the invention.
Claims (10)
1. A safe communication system, characterized by comprising: at least one headend equipment, at least one terminal device, an NB-IOT communication base station and an Internet of Things cloud platform, wherein:
each headend equipment carries out key agreement with at least one terminal device to generate a session key;
the headend equipment is used for collecting the data information of the Internet of Things front end and encrypting it using the session key;
the NB-IOT communication base station is arranged between the at least one headend equipment and the Internet of Things cloud platform, and is used for pushing the data information ciphertext of the at least one headend equipment to the Internet of Things cloud platform;
the Internet of Things cloud platform aggregates the data information ciphertext pushed by the at least one headend equipment and carries out data processing operations;
the terminal device establishes a network connection with the Internet of Things cloud platform, obtains the data information ciphertext in the Internet of Things cloud platform, and decrypts it using the session key.
2. The safe communication system according to claim 1, characterized in that: the headend equipment includes a microprocessor, an acquisition module, a first security module and an NB-IOT communication module;
the acquisition module is electrically connected with the microprocessor, and is used for acquiring the data information of a target environment and sending it to the microprocessor;
the microprocessor is electrically connected with the first security module, and is used for controlling the first security module to encrypt the data information using the session key;
the NB-IOT communication module is connected with the microprocessor, and is used for sending the data information ciphertext.
3. The safe communication system according to claim 2, characterized in that: the headend equipment further includes a memory module and a power module electrically connected to the microprocessor; the memory module is used for storing the data information acquired by the acquisition module; the power module is used for supplying power to the microprocessor, the acquisition module, the first security module, the NB-IOT communication module and the memory module.
4. The safe communication system according to claim 2 or 3, characterized in that: the headend equipment further includes a signal conditioning circuit and an A/D converter; the signal conditioning circuit is electrically connected to the acquisition module, and is used for amplifying and filtering the data signal acquired by the acquisition module; the A/D converter is electrically connected to the signal conditioning circuit and the microprocessor respectively, and is used for performing analog-to-digital conversion on the amplified and filtered data signal and sending it to the microprocessor for analysis and processing.
5. The safe communication system according to claim 1, characterized in that: the terminal device includes a processor, a network communication module, a second security module and a display module; the network communication module is electrically connected to the processor, and is used for receiving the data information ciphertext from the Internet of Things cloud platform; the second security module is electrically connected to the processor, and is used for decrypting the data information ciphertext using the session key; the display module is electrically connected to the processor, and is used for displaying the data information decrypted by the second security module.
6. A safe communication method based on the safe communication system according to any one of claims 1-5, characterized in that the safe communication method comprises:
a headend equipment and a terminal device carry out key agreement to generate a session key;
the headend equipment acquires the data information of a target environment, and encrypts the data information using the session key;
the data information ciphertext is pushed to the Internet of Things cloud platform through an NB-IOT communication base station;
the Internet of Things cloud platform transfers the data information ciphertext to the terminal device over a network;
the terminal device decrypts the data information ciphertext using the session key to obtain the corresponding plaintext information.
7. The safe communication method according to claim 6, characterized in that the key agreement between a headend equipment and a terminal device specifically comprises:
the headend equipment and the terminal device carry out bidirectional identity authentication;
the headend equipment and the terminal device carry out key agreement and generate a session key.
8. The safe communication method according to claim 7, characterized in that the bidirectional identity authentication between the headend equipment and the terminal device specifically comprises:
a digital certificate and a public/private key pair are preset in the first security module of the headend equipment, and a digital certificate and a public/private key pair are preset in the second security module of the terminal device; each digital certificate includes a public key and identity information;
the headend equipment sends a connection request to the terminal device;
the terminal device responds to the connection request and returns to the headend equipment the digital certificate of the terminal device and identity information signed with its private key;
the headend equipment verifies the legitimacy of the digital certificate of the terminal device and, when the digital certificate is a legal certificate, uses the public key in the digital certificate to decrypt the identity information signed with the private key of the terminal device, and compares whether the decrypted identity information is consistent with the identity information in the digital certificate of the terminal device, so as to authenticate the identity of the terminal device;
the headend equipment returns to the terminal device the digital certificate of the headend equipment and identity information signed with its private key;
the terminal device verifies the legitimacy of the digital certificate of the headend equipment and, when the digital certificate is a legal certificate, uses the public key in the digital certificate to decrypt the identity information signed with the private key of the headend equipment, and compares whether the decrypted identity information is consistent with the identity information in the digital certificate of the headend equipment, so as to authenticate the identity of the headend equipment.
9. The safe communication method according to claim 7 or 8, characterized in that the bidirectional identity authentication and key agreement process between the headend equipment and the terminal device is completed over the transmission channel built by the NB-IOT communication base station and the Internet of Things cloud platform.
10. The safe communication method according to claim 6, characterized in that the Internet of Things cloud platform transferring the data information ciphertext to the terminal device over the network specifically comprises:
the Internet of Things cloud platform receives a data acquisition request sent by the terminal device, and feeds back the corresponding data information ciphertext to the terminal device according to the data acquisition request; or
the Internet of Things cloud platform periodically pushes the relevant data information ciphertext to the terminal device.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810852923.8A CN108900530A (en) | 2018-07-30 | 2018-07-30 | A kind of safe communication system and method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108900530A (en) | 2018-11-27 |
Family
ID=64352308
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810852923.8A Pending CN108900530A (en) | A kind of safe communication system and method | 2018-07-30 | 2018-07-30 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108900530A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | RJ01 | Rejection of invention patent application after publication | Application publication date: 20181127 |